Recently the Azure team announced an important new feature called Azure Confidential Computing. This feature changes how data and code operate by putting them inside a Trusted Execution Environment (TEE), sometimes known as an enclave. When the application runs and accesses data, that data and access are managed through a hardware device, providing additional security and blocking access from third-party tools, operating systems, hypervisors, and so forth.
One of the major blockers many organizations have in moving to the cloud is security. While cloud vendors almost always have far more advanced security than customers have on-premises, there have still been concerns about data access and protection.
This advancement in Azure is a very important one: customer data is now protected even further, with much greater isolation than before and, right now, more isolation than other cloud providers offer. This won't remove all of the roadblocks that customers have in moving to the cloud, but it should start to change how we consider the security of applications and data operating in the cloud.
Microsoft Azure is the first cloud to offer new data security capabilities with a collection of features and services called Azure confidential computing. Put simply, confidential computing offers a protection that to date has been missing from public clouds: encryption of data while in use.